Snort mailing list archives
Re: Snort for report GTp statistics
From: Hui Cao <hcao () sourcefire com>
Date: Mon, 9 Jul 2012 11:27:12 -0400
Currently, you can't get it without code change. Details of messages break down can be seen when you enable debug messages. We will provide the statistics for GTP-U separately in the future release. Hui. On Thu, Jul 5, 2012 at 12:16 PM, Vinayak Malshetty < Vinayak_Malshetty () mindtree com> wrote:
Hi Hui,**** Many Thanks for your reply, I did try by disabling GTP decoding and see that below counters get increment**** ** ** =============================================================================== **** GTP Preprocessor Statistics**** Total sessions: 2**** Total reserved messages: 0**** Packets with reserved information elements: 0**** Total messages of version 1: 32**** =============================================================================== **** ** ** But my requirement is that does snort report GTP-c and GTP-u stats separately, i.e is there any way to figure out how many GTP-c pkts and GTP-u pkts have been received**** ** ** ** ** Regards,**** -Vinayak**** *From:* Hui Cao [mailto:hcao () sourcefire com] *Sent:* Thursday, July 05, 2012 7:07 PM *To:* snort-users () lists sourceforge net *Subject:* Re: [Snort-users] Snort for report GTp statistics**** ** ** You can get GTP_U statistics by not enabling GTP decoding (commenting out "config enable_gtp"). After GTP decoding for GTP-U, that message will be the actual message when it goes through GTP preprocessor. Therefore, you won't get any type of GTP-U pakcets when GTP-U decoding is enabled. Best, Hui. On 07/04/2012 11:53 PM, Vinayak Malshetty wrote: **** **** Hi All,**** **** I am using snort for get GTP packets statistics in my conf file I have enabled GTP decoder and preprocessor. But snort is reporting statistics for GTP-c(signaling messages). Is there any way I can configure snort to report both GTP-c and GTP-U packets.**** **** My set-up**** **** A1 ------------------------------ A2**** |**** |**** |**** A3**** **** A1,A2 and A3 are linux machines. A1 and A2 behave as GGSS and SGSN whre GTP pkts(gtp-c and gtp-u) are sent and received. I am running snort on A3 to monitors GTP packets b/w A1<->A2 and report the GTP statistics. But I am getting statistics only for GTP-c pkts and not for GTP-U pkts**** **** Log:**** ------**** =============================================================================== **** GTP Preprocessor Statistics**** Total sessions: 2**** Total reserved messages: 0**** Packets with reserved information elements: 0**** Total messages of version 1: 12**** =============================================================================== **** **** Can anyone suggest me is there any-way to report GTP-U statistics. Please do let me know if any more info is needed **** **** Many Thanks,**** -Vinayak **** ** ** ------------------------------ http://www.mindtree.com/email/disclaimer.html **** ------------------------------------------------------------------------------**** Live Security Virtual Conference**** Exclusive live event will cover all the ways today's security and **** threat landscape has changed and how IT managers can respond. Discussions **** will include endpoint security, mobile security and the latest in malware **** threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/**** **** _______________________________________________**** Snort-users mailing list**** Snort-users () lists sourceforge net**** Go to this URL to change user options or unsubscribe:**** https://lists.sourceforge.net/lists/listinfo/snort-users**** Snort-users list archive:**** http://www.geocrawler.com/redir-sf.php3?list=snort-users**** ** ** Please visit http://blog.snort.org to stay current on all the latest Snort news!****
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort for report GTp statistics Vinayak Malshetty (Jul 04)
- Re: Snort for report GTp statistics Hui Cao (Jul 05)
- Re: Snort for report GTp statistics Vinayak Malshetty (Jul 05)
- Re: Snort for report GTp statistics Hui Cao (Jul 09)
- Re: Snort for report GTp statistics Vinayak Malshetty (Jul 05)
- Re: Snort for report GTp statistics Hui Cao (Jul 05)